AD Schema Modification?

  • AD Schema Modification?

    Dear Good and Kind Folks of Petri.co.il,
    Is there a way of modifying the AD Schema so that machines joined to the domain go to a specific OU instead of the default Computers container?

    We've created an OU for all the machines in one of our offices and applied certain GPO settings; we want any machine joining the domain from that office to be automatically put in this OU.
    Last edited by danielp; 10th October 2005, 12:15.

  • #2
    Not that I'm aware of, but if you use RIS to build workstations then you can specify which OU they go to once built.
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      http://support.microsoft.com/default...b;en-us;324949
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"


      • #4
        We do not use RIS and haven't just migrated; we configure our machines manually - unheard of, I know - but that is the situation. Our machines are HP USDTs preinstalled with WinXP SP2; we install our applications, which ain't many, and then give them out.


        • #5
          I actually read somewhere (yes, I read!!) that if you set up an account specifically for the purpose of adding machines to the domain, and only delegate permissions to add machines to a specific OU (i.e. other than the default), then the Comp Account is automatically registered within that OU.

          Have never tried it so I can't guarantee but there will be no harm in trying.

          topper
          * Shamelessly mentioning "Don't forget to add reputation!"


          • #6
            guys, don't you read the links ?

            In W2K3 you can do:
            Code:
            C:\windows\system32>redircomp ou=mycomputers,DC=company,dc=com
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"


            • #7
              I know of no way to do it in a Windows 2000 domain other than moving manually.

              As per guyt's instructions for 2k3.


              • #8
                Originally posted by guyt
                guys, don't you read the links ?

                In W2K3 you can do:
                Code:
                C:\windows\system32>redircomp ou=mycomputers,DC=company,dc=com
                Would we ignore you Guy ??

                It's just he wants it automatically assigned to an OU when adding, not having to go round with an admin account after to change them all!
                * Shamelessly mentioning "Don't forget to add reputation!"


                • #9
                  Cool article...
                  Server 2000 MCP
                  Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **


                  • #10
                    Just thinking a bit more on this.

                    How would the script know what OU to add machines to when joining the domain? Will it be done on a name basis, i.e.

                    If <machine name> starts with <tech> then move to <tech OU>


                    • #11
                      It's been a very long day, so I might be missing something, but... redircomp.exe changes the default container for newly joined computers. The result is that if you have a box in a workgroup and you manually join it to the AD (from the workstation), the new account will be created not under CN=Computers, but rather under OU=YourOU. This is not about moving a single computer to an OU. This is about new computer objects being created by default in the location you redirected to (which was a single-task operation).

                      The change, though, is global for ANY computer being joined.

                      If you want to have only computers from a specific site go to, say, OU_SITE_X, you can try one of the following approaches:

                      1) a script which is performing network scans of a given IP segment, and moves the accounts to a predefined OU

                      2) pre-create the accounts in the target OU

                      3) Use a startup script (at domain level GPO) which will map the client's IP to an OU and will move the computer account to the desired OU (this approach has some security drawbacks, as the move operation has to be performed in the context of an AD account with elevated privileges that let it create objects in the target OU, delete in the source OU and have rights to update some computer account attributes)

                      4) mix any of the above

                      5) my brains are toast...
                      Guy Teverovsky
                      "Smith & Wesson - the original point and click interface"
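
The IP-to-OU mapping behind approaches 1 and 3 above, as an added example that is not part of the original posts: a sweep run from an admin host plans a move for every computer still in the default container, so no privileged credential has to sit in a client startup script. The subnets, the OU names under DC=company,DC=com, the sample records and the helper function names are assumptions; the live part needs the ActiveDirectory module and stays in -WhatIf mode.

```powershell
# Added example; subnets, OUs and sample records are constructed.
$SiteMap = @(
    [pscustomobject]@{ Cidr = '10.20.0.0/16';  Ou = 'OU=OU_SITE_X,DC=company,DC=com' }
    [pscustomobject]@{ Cidr = '10.20.30.0/24'; Ou = 'OU=Tech,OU=OU_SITE_X,DC=company,DC=com' }
)

function ConvertTo-IpNumber ([string]$Ip) {          # IPv4 only
    $n = [long]0
    foreach ($octet in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $octet }
    $n
}

function Test-InSubnet ([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    # Network mask as a number: the top $bits bits set, the rest clear.
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((ConvertTo-IpNumber $Ip) -band $mask) -eq ((ConvertTo-IpNumber $net) -band $mask)
}

function Get-MovePlan {
    param([Parameter(ValueFromPipeline)] $Computer)
    process {
        if (-not $Computer.IPv4Address) { return }   # no address resolved yet: retry next run
        # Longest prefix wins, so a /24 inside the site /16 can have its own OU.
        $hit = $SiteMap | Where-Object { Test-InSubnet $Computer.IPv4Address $_.Cidr } |
            Sort-Object { [int]($_.Cidr -split '/')[1] } -Descending | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{ Name = $Computer.Name; From = $Computer.DistinguishedName; To = $hit.Ou }
        }
    }
}

# Offline demonstration on constructed records shaped like Get-ADComputer output.
$sample = @(
    [pscustomobject]@{ Name = 'TECH-PC01';  IPv4Address = '10.20.30.15'; DistinguishedName = 'CN=TECH-PC01,CN=Computers,DC=company,DC=com' }
    [pscustomobject]@{ Name = 'SALES-PC07'; IPv4Address = '10.20.8.4';   DistinguishedName = 'CN=SALES-PC07,CN=Computers,DC=company,DC=com' }
    [pscustomobject]@{ Name = 'HQ-PC02';    IPv4Address = '192.168.1.9'; DistinguishedName = 'CN=HQ-PC02,CN=Computers,DC=company,DC=com' }
    [pscustomobject]@{ Name = 'NEW-PC03';   IPv4Address = $null;         DistinguishedName = 'CN=NEW-PC03,CN=Computers,DC=company,DC=com' }
)
$sample | Get-MovePlan | Format-Table -AutoSize

# Live sweep of the current default container (whatever redircomp last set it to).
# Run under an account delegated only to move computer objects into the mapped OUs.
if (Get-Command Get-ADComputer -ErrorAction SilentlyContinue) {
    Get-ADComputer -Filter * -SearchBase (Get-ADDomain).ComputersContainer -SearchScope OneLevel -Properties IPv4Address |
        Get-MovePlan | ForEach-Object { Move-ADObject -Identity $_.From -TargetPath $_.To -WhatIf }
}
```

Drop -WhatIf only after reviewing the planned moves. IPv4Address is resolved through DNS, so the mapping decides placement only and should not be treated as proof of where a machine sits.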


                      • #12
                        Guy is right, of course. I've done this for a customer. It's trivial to implement the redirection, and it works. Just as described in the link.

                        > 5) my brains are toast...

                        Not yet, my friend!
